How to implement LTM forward proxy client to determine the diversion pool based on the domain name
Yes, I agree with you. I have considered using DNS to capture domain name traffic, but I don't know how the logic is related. For example, I use a 0.0.0.0:53 VS to capture domain name information and addresses, and another 0.0.0.0:0 for the egress network. I don't know how to associate the two VS.
I believe what you are looking for is outlined in the following document.
https://community.f5.com/kb/technicalarticles/configure-the-f5-big-ip-as-an-explicit-forward-web-proxy-using-ltm/286647
- NathanAsky Mar 26, 2025
Altostratus
Thank you very much. Maybe it's still not the part I need.
I am trying the following part to capture the domain name IP through 0.0.0.0:53 to 0.0.0.0:0 VS, getting dictionary information to match the diversion, but I don't like this method very much.
when DNS_RESPONSE {
    # Get the queried domain name
    set requested_domain [DNS::question name]

    # Domains allowed to be stored (only these are recorded)
    set allowed_domains {
        "google.com"
        "baidu.com"
        "yahoo.com"
    }

    # Check whether the domain is in the allowed list
    if { [lsearch -exact $allowed_domains $requested_domain] == -1 } {
        log local0. "Ignoring domain: $requested_domain (not in allowed list)"
        return
    }

    # Get the stored IP list (if any)
    set existing_ips [table lookup "DNS_$requested_domain"]

    # Initialize the IP list; if a stored list exists, parse it once here,
    # before the loop, so IPs appended for earlier answers are not discarded
    set ip_list {}
    if { $existing_ips ne "" } {
        set ip_list [split $existing_ips ","]
    }

    foreach answer [DNS::answer] {
        if { [DNS::type $answer] eq "A" } {
            # Get the resolved IP address
            set resolved_ip [DNS::rdata $answer]
            # Only add new IPs to avoid duplicates
            if { [lsearch -exact $ip_list $resolved_ip] == -1 } {
                lappend ip_list $resolved_ip
            }
        }
    }

    # Store the updated IP list (comma-separated)
    if { [llength $ip_list] > 0 } {
        table set "DNS_$requested_domain" [join $ip_list ","] 300
        log local0. "Stored: $requested_domain -> [join $ip_list ","]"
    }
}
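One way to associate the two virtual servers discussed in this thread, as an added example that is not part of the original posts or F5's own code: the DNS-side iRule keys the session table by resolved IP rather than by domain, so the iRule on the 0.0.0.0:0 virtual server can look up the connection's destination address directly. The pool names, the subtable name `dns_steer` and the domain-to-pool mapping are assumptions for illustration.

```tcl
# --- iRule 1: attach to the 0.0.0.0:53 virtual server (DNS profile required) ---
when DNS_RESPONSE {
    # Normalise the query name: lowercase, no trailing dot
    set qname [string tolower [string trimright [DNS::question name] "."]]

    # Hypothetical domain-to-pool mapping; subdomains are matched as well
    switch -glob -- $qname {
        "google.com" - "*.google.com" { set target "pool_egress_a" }
        "baidu.com"  - "*.baidu.com"  { set target "pool_egress_b" }
        default { return }
    }

    foreach rr [DNS::answer] {
        if { [DNS::type $rr] eq "A" } {
            # Key by resolved IP so the egress iRule needs no reverse search.
            # 300 seconds matches the timeout used in the post above.
            table set -subtable dns_steer [DNS::rdata $rr] $target 300
        }
    }
}

# --- iRule 2: attach to the 0.0.0.0:0 egress virtual server ---
when CLIENT_ACCEPTED {
    # On a wildcard virtual server the client-side local address is the
    # destination IP the client is connecting to.
    # -notouch keeps egress traffic from extending the entry's timeout.
    set target [table lookup -notouch -subtable dns_steer [IP::local_addr]]

    if { $target ne "" } {
        pool $target
    } else {
        # Hypothetical default pool for destinations never seen in DNS
        pool pool_egress_default
    }
}
```

Treat the mapping as best effort: an address shared by several domains (for example behind a CDN) is steered by whichever domain was resolved last, and clients that resolve elsewhere or keep using an answer after the 300-second entry expires fall through to the default pool.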
